package com.gljx.web.controller;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;

import com.gljx.util.CommonUtil;
import com.gljx.util.GetFid;
import com.gljx.web.Entity.User;
import com.gljx.web.service.UserService;


@Controller
public class LoginController {
	
	private  Logger logger = Logger.getLogger(getClass());
	
	private UserService UserService;
	
	// 登陆提交地址，和applicationContext-shiro.xml中配置的loginurl一致
    @RequestMapping("/login")
    public String login(HttpServletRequest request) throws Exception {
    	System.out.println("本次sessionID："+SecurityUtils.getSubject().getSession().getId());;
    	//ModelAndView mav=new ModelAndView();
		//mav.setViewName("login");
		//mav = mySetWeb(mav);
        return "login";//mav;
    }
    
    
    //这个路径内逻辑一般是已认证用户重新选择用户使用
    @RequestMapping("/checkuser")
    public ModelAndView checkuser(HttpServletRequest request,ServletRequest request2,ServletResponse response) throws Exception {
    	ModelAndView mav=new ModelAndView();
    	mav.setViewName("login");
    	String username = request.getParameter("username");  
    	
        String pwd = request.getParameter("password");  
        String host =request.getRemoteAddr();
        String captcha = request.getParameter("captcha");
        boolean rememberMe = Boolean.valueOf(request.getParameter("rememberMe"));
        
        //session中的验证码
        String session_captcha = (String) request.getSession().getAttribute(
                com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);
        if(pwd == null){
        	mav.getModel().put("message","" );
        	return mav;
        }
        if(CommonUtil.isSpecialChar_strict(username)||
        		CommonUtil.isSpecialChar_strict(pwd)||
        			CommonUtil.isSpecialChar_strict(captcha)){
        	logger.error("#非法字符输入#"+host+"##"+"账号密码校验");
        	new IncorrectCredentialsException();
        }
        UsernamePasswordToken token = new UsernamePasswordToken(username, pwd.toCharArray(),
        		rememberMe,host);   
        Subject currentUser = SecurityUtils.getSubject();   
        try {
        	currentUser.login(token);    
			
		} catch(IncorrectCredentialsException e){
			logger.info("#已认证的二次登陆#"+token.getUsername()+token.getHost()+"##"+"登录失败--"+e);
			//mav.getModel().put("message","账户密码错误" );
			mav.getModel().put("message","账户密码错误" );
        	return mav;
		} catch (UnknownAccountException e) {
			logger.info("#已认证的二次登陆#"+token.getUsername()+token.getHost()+"##"+"登录失败--"+e);
			mav.getModel().put("message","账户密码错误" );
        	return mav;
		} catch (Exception e) {
			logger.error("#已认证的二次登陆#"+token.getUsername()+token.getHost()+"##"+"未知错误--",e);
			mav.getModel().put("message","未知错误，请重试" );
        	return mav;
		}
        //比对  
        if (captcha != null && !captcha.equalsIgnoreCase(session_captcha)) {
        	mav.getModel().put("message","验证码错误!!!!!!!!" );
        	return mav;
        }
    	/*if(rememberMe){
    		MyRememberMe.rememberCookie(token, request2, response);
    	}else{
    		MyRememberMe.removeCookie(token, request2, response);
    	}*/
        logger.info("#已认证的二次登陆#"+token.getUsername()+"登录成功");
        mav.setViewName("backHome/main");
        return mav;
    }
}
